Andrzej Kurek a39170b 2022-06-06 14:54:58 -0400
Security
   * Fix a buffer overread in DTLS ClientHello parsing in servers with
     MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client
     or a man-in-the-middle could cause a DTLS server to read up to 255 bytes
     after the end of the SSL input buffer. The buffer overread only happens
     when MBEDTLS_SSL_IN_CONTENT_LEN is less than a threshold that depends on
     the exact configuration: 258 bytes if using mbedtls_ssl_cookie_check(),
     and possibly up to 571 bytes with a custom cookie check function.
     Reported by the Cybeats PSI Team.
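
The kind of length check that keeps a ClientHello cookie lookup inside the received datagram, as an added example that is not Mbed TLS code and not the fix from this commit. The function name find_clihlo_cookie is hypothetical, and the field offsets are taken from the DTLS 1.2 record and handshake layout in RFC 6347.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* DTLS 1.2 layout (RFC 6347): 13-byte record header, 12-byte handshake
 * header, then ClientHello: version(2), random(32), session_id<0..32>,
 * cookie<0..255>. Each variable-length field has a 1-byte length prefix. */
#define REC_HDR_LEN  13
#define HS_HDR_LEN   12
#define SID_LEN_OFF  (REC_HDR_LEN + HS_HDR_LEN + 2 + 32)   /* = 59 */

/* Hypothetical helper: locate the cookie without reading past in + in_len.
 * Returns 0 on success, -1 if the datagram is not a ClientHello or any
 * length prefix claims more bytes than were received. */
int find_clihlo_cookie(const uint8_t *in, size_t in_len,
                       const uint8_t **cookie, size_t *cookie_len)
{
    size_t off = SID_LEN_OFF;

    if (in_len <= off)                        /* session_id length byte missing */
        return -1;
    if (in[0] != 22 || in[REC_HDR_LEN] != 1)  /* handshake record, client_hello */
        return -1;

    size_t sid_len = in[off++];
    /* Need sid_len bytes of session_id plus the cookie length byte. */
    if (sid_len > 32 || sid_len >= in_len - off)
        return -1;
    off += sid_len;

    size_t ck_len = in[off++];
    if (ck_len > in_len - off)                /* cookie would run past the buffer */
        return -1;

    *cookie = in + off;
    *cookie_len = ck_len;
    return 0;
}

int main(void)
{
    /* Constructed sample: datagram cut off right after a cookie length of 255. */
    uint8_t dgram[SID_LEN_OFF + 2] = {0};
    const uint8_t *ck; size_t ck_len;
    dgram[0] = 22; dgram[REC_HDR_LEN] = 1; dgram[SID_LEN_OFF + 1] = 255;
    printf("truncated: %d\n", find_clihlo_cookie(dgram, sizeof(dgram), &ck, &ck_len));
    return 0;
}
```

The point of comparing each length prefix against the bytes actually received, rather than against the configured buffer size, is that the result is independent of MBEDTLS_SSL_IN_CONTENT_LEN.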